Official security bulletin

In my previous post I have mentioned about release of Image Uploader 5.1 (and 4.7) which has a number of security fixes (few known heap overflow and a bunch of potential problems). To prevent malicious persons to exploit these issues, we are releasing a killbit for all version and strongly recommend each customer of Image Uploader to get an update (which is free for appropriate major build).

Few words about killbit. I have already gave some comments on what is killbit and why we should use it in the Image Uploader is safe again post. Now let's see how killbit is installed on client machine. There are three ways: 

  1. Killbit is set along with new version. So when new ActiveX is downloaded and installed, old CLSIDs become disabled.
  2. Killbit can be installed manually. To do this just download the AurigmaKillbit.regfile and run it (may require administrative rights).
  3. Killbit will be installed with Internet Explorer security updates. I cannot get an exact time frame for this until I get approval from Microsoft, but it will happen not earlier than in 2-3 months.

Below is described a list of CLSIDs which are killbited and their alternate CLSIDs.

Old CLSID                               New CLSID

Standard builds:

6E5E167B-1566-4316-B27F-0DDAB3484CF7    EDFCB7CB-942C-4822-AF14-F0B687409848 - Image Uploader 4      
BA162249-F2C5-4851-8ADC-FC58CB424243    5D637FAD-E202-48D1-8F18-5B9C459BD1E3 - Image Uploader 5      
652623DC-2BB4-4C1C-ADFB-57A218F1A5EE    FB5C74A8-48D0-42A3-B47F-6896F94DFC21 - Upload Items 4     
9275A865-754B-4EDF-B828-FED0F8D344FC    59BA14C3-B5CD-4DFF-8256-25961756B9B4 - Upload Items 5     
E1A26BBF-26C0-401d-B82B-5C4CC67457E0    D6216AB8-9FF8-47C6-A2E7-49491B39C857 - File Downloader

Private-label builds, Image Uploader 4:

B60770C2-0390-41A8-A8DE-61889888D840    51B7FAF0-B98E-4A0F-9DF6-E31A81836925     
44A6A9CA-AC5B-4C39-8FE6-17E7D06903A9    6F9DF050-35BE-4E5E-9293-663D6B526B7F     
76EE578D-314B-4755-8365-6E1722C001A2    33DFB28A-9792-4AFC-B594-D589365DF67D     
F89EF74A-956B-4BD3-A066-4F23DF891982    CBFF31B5-91C0-4361-98BD-4C56D0F9CDAC     
101D2283-EED9-4BA2-8F3F-23DB860946EB    718B3D1E-FF0C-4EE6-9F3B-0166A5D1C1B9     
69C462E1-CD41-49E3-9EC2-D305155718C1    208B36BE-4B91-45D5-A636-4E70D745593C     
41473CFB-66B6-45B8-8FB3-2BC9C1FD87BA    66AE48D0-2ECE-4F09-886B-3B6C2FD4A985     
108092BF-B7DB-40D1-B7FB-F55922FCC9BE    B82F1D98-BE90-42E2-B64D-C7AB48E40B4C     
CF08D263-B832-42DB-8950-F40C9E672E27    6B999576-2C81-4811-A912-2270B3D0865A     
F1F51698-7B63-4394-8743-1F4CF1853DE1    1DB7FAAD-2582-49C3-807C-42024B031552     
905BF7D7-6BC1-445A-BE53-9478AC096BEB    02F654C7-2915-45DF-94E2-8B145A060DF9     
916063A5-0098-4FB7-8717-1B2C62DD4E45    4113F622-4901-468F-864E-5480F1C3BC3A     
AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4    CAC677B6-4963-4305-9066-0BD135CD9233     
AE6C4705-0F11-4ACB-BDD4-37F138BEF289    0C92900E-4D5A-4F04-ACC9-729E1767BBAE     
FA8932FF-E064-4378-901C-69CB94E3A20A    A6C3B396-6F73-4CBE-AEF5-A86421AF1B93     
3604EC19-E009-4DCB-ABC5-BB95BF92FD8B    E33E2112-8A3F-4B0F-884B-767C1610627E     
65FB3073-CA8E-42A1-9A9A-2F826D05A843    83803392-C613-473A-AF42-5C4D07F8FE7B     
7EB2A2EC-1C3A-4946-9614-86D3A10EDBF3    F7FC62B7-1E68-4A56-B978-795662B02691     
9BAFC7B3-F318-4BD4-BABB-6E403272615A    57F9ADF0-9759-4D97-AB03-8AB5882A2FD5     
05CDEE1D-D109-4992-B72B-6D4F5E2AB731    BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4     
977315A5-C0DB-4EFD-89C2-10AA86CA39A5    85A9BDFA-93C0-4F1B-9AB6-B92A90E5B326     
1E0D3332-7441-44FF-A225-AF48E977D8B6    72719D4A-11A5-4E33-A131-36DE83DE9C3A     
B85537E9-2D9C-400A-BC92-B04F4D9FF17D    37A8A17B-2DDC-4600-BBC6-538C10AED8C0     
2C2DE2E6-2AD1-4301-A6A7-DF364858EF01    19E20072-785D-41C3-ADE9-D784325AB7B0     
0270E604-387F-48ED-BB6D-AA51F51D6FC3    60541D7A-4EF1-4117-9607-7C1B0EEAAD18     
FC28B75F-F9F6-4C92-AF91-14A3A51C49FB    3EF75DF9-FC62-410A-B599-B131D917EC3B     
86C2B477-5382-4A09-8CA3-E63B1158A377    A6BF5692-E5E8-4B40-8E5E-819AF5E3AC08     
8CC18E3F-4E2B-4D27-840E-CB2F99A3A003    070A0793-B969-4BC7-848B-3FD844554784     
68BBCA71-E1F6-47B2-87D3-369E1349D990    2AF2E06E-166C-49C9-8BDF-CD9A8A07089C     
8DBC7A04-B478-41D5-BE05-5545D565B59C    B57779BE-8EBE-46A1-A2F1-0BBFF6192B0C     
D986FE4B-AE67-43C8-9A89-EADDEA3EC6B6    6C87A126-AC2E-42EF-8A09-39AC05E8FBDF     
6CA73E8B-B584-4533-A405-3D6F9C012B56    5F0CE5B2-46E1-4E00-AC64-0C756537D26C     
A7866636-ED52-4722-82A9-6BAABEFDBF96    AB3222DF-F6E1-40CB-BB80-1BF999130D7D     
B0A08D67-9464-4E73-A549-2CC208AC60D3    3F17C07C-2153-4471-BB74-7554A7310C8C     
3D6A1A85-DE54-4768-9951-053B3B02B9B0    0FDC57AC-BB9F-40FF-9921-46D28B712D08     
947F2947-2296-42FE-92E6-E2E03519B895    7F4E9A4B-7D73-4D7D-9A37-30100CEE0874     
47AF06DD-8E1B-4CA4-8F55-6B1E9FF36ACB    CD6FB286-3337-45E8-AF97-6AA3802D2F90     
B26E6120-DD35-4BEA-B1E3-E75F546EBF2A    5FA63150-FBD6-451D-B014-D55DDED4F2F3     
926618A9-4035-4CD6-8240-64C58EB37B07    29C78D18-D3C3-4B8F-B7EF-F5DC2385F82E     
B95B52E9-B839-4412-96EB-4DABAB2E4E24    ADFCE7BD-C522-48E7-9D2A-976597629667     
CB05A177-1069-4A7A-AB0A-5E6E00DCDB76    DF21EFC6-E614-4C4C-92E7-C94A944E5C5E     
A233E654-53FF-43AA-B1E2-60DA2E89A1EC    0F3FEBAA-440F-4003-B2BC-71B9D9C20E72     
6981B978-70D9-40B9-B00E-903B6FC8CA8A    7FBBED73-8E99-40BE-894E-F66F6F49D8F0     
C86EE68A-9C77-4441-BD35-14CC6CC4A189    8F20884C-68BF-440C-BB5F-13BAC64B8C1C     
2875E7A5-EE3C-4FE7-A23E-DE0529D12028    CA9CABF3-48C0-4589-808E-ADE58599DF6C     
66E07EF9-4E89-4284-9632-6D6904B77732    A9BEBDF3-2816-44E9-9F64-71EBDE235E15     
00D46195-B634-4C41-B53B-5093527FB791    7A53918A-FF36-41E3-96A6-3A7672746CB9     
497EE41C-CE06-4DD4-8308-6C730713C646    55D95DEA-6E0F-476B-AE02-57C5F99332F2     
7A12547F-B772-4F2D-BE36-CE5D0FA886A1    F83FA5C8-A016-401F-9A45-E582D8BD498F     
0B9C0C26-728C-4FDA-B8DD-59806E20E4D9    44BF597A-C391-4162-8976-B00B55C92F56     
F399F5B6-3C63-4674-B0FF-E94328B1947D    0D4515D4-1845-4E7C-8E16-79AEEC44AB7C     
8C7A23D9-2A9B-4AEA-BA91-3003A316B44D    D428C208-57A8-4A63-BF7F-E7FABE6A9E9B     
E6127E3B-8D17-4BEA-A039-8BB9D0D105A2    C6B9830E-35DE-463D-8CFA-E289E317565C     
A3796166-A03C-418A-AF3A-060115D4E478    ADA48720-6C9A-4A34-9E3E-5B17556A2B39     
73BCFD0F-0DAA-4B21-B709-2A8D9D9C692A    AB4E1C02-3EDB-4A72-B1B8-FD909831C761     
93C5524B-97AE-491E-8EB7-2A3AD964F926    A696A6DE-8011-407B-850B-077BE505D11D     
833E62AD-1655-499F-908E-62DCA1EB2EC6    7CAE4253-EEEF-42C7-BB94-E65EBF540DB6     
285CAE3C-F16A-4A84-9A80-FF23D6E56D68    C4B2AB47-CE9B-4850-A8B6-36F3896E17BF     
AA13BD85-7EC0-4CC8-9958-1BB2AA32FD0B    4910F815-D322-409F-A6D1-61FAE656E4A0     
4614C49A-0B7D-4E0D-A877-38CCCFE7D589    096CBF58-FC7F-433D-9158-27DE6B22D8C7     
974E1D88-BADF-4C80-8594-A59039C992EA    B67F4A74-B98A-4F74-AF9E-C422198BB0F8     
692898BE-C7CC-4CB3-A45C-66508B7E2C33    BAC8495C-A1FF-48B3-AB22-52544FFA3047     
F6A7FF1B-9951-4CBE-B197-EA554D6DF40D    CC7FD10E-8471-4399-B7B0-976BCB84357E     
038F6F55-C9F0-4601-8740-98EF1CA9DF9A    89DCF5AD-2D57-4C98-AE18-E4222DFEA4CC     
652623DC-2BB4-4C1C-ADFB-57A218F1A5EE    FB5C74A8-48D0-42A3-B47F-6896F94DFC21     
9275A865-754B-4EDF-B828-FED0F8D344FC    59BA14C3-B5CD-4DFF-8256-25961756B9B4     
6C095616-6064-43ca-9180-CF1B6B6A0BE4    BC9C7884-D1F5-4E67-80F2-C67AE8C62701     
E1A26BBF-26C0-401d-B82B-5C4CC67457E0    D6216AB8-9FF8-47C6-A2E7-49491B39C857

Private-label builds, Upload Items 4:

A7866636-ED52-4722-82A9-6BAABEFDBF96    AB3222DF-F6E1-40CB-BB80-1BF999130D7D    
B0A08D67-9464-4E73-A549-2CC208AC60D3    3F17C07C-2153-4471-BB74-7554A7310C8C    
3D6A1A85-DE54-4768-9951-053B3B02B9B0    0FDC57AC-BB9F-40FF-9921-46D28B712D08    
947F2947-2296-42FE-92E6-E2E03519B895    7F4E9A4B-7D73-4D7D-9A37-30100CEE0874    
47AF06DD-8E1B-4CA4-8F55-6B1E9FF36ACB    CD6FB286-3337-45E8-AF97-6AA3802D2F90    
B26E6120-DD35-4BEA-B1E3-E75F546EBF2A    5FA63150-FBD6-451D-B014-D55DDED4F2F3    
926618A9-4035-4CD6-8240-64C58EB37B07    29C78D18-D3C3-4B8F-B7EF-F5DC2385F82E    
B95B52E9-B839-4412-96EB-4DABAB2E4E24    ADFCE7BD-C522-48E7-9D2A-976597629667    
CB05A177-1069-4A7A-AB0A-5E6E00DCDB76    DF21EFC6-E614-4C4C-92E7-C94A944E5C5E    
A233E654-53FF-43AA-B1E2-60DA2E89A1EC    0F3FEBAA-440F-4003-B2BC-71B9D9C20E72    
6981B978-70D9-40B9-B00E-903B6FC8CA8A    7FBBED73-8E99-40BE-894E-F66F6F49D8F0    
C86EE68A-9C77-4441-BD35-14CC6CC4A189    8F20884C-68BF-440C-BB5F-13BAC64B8C1C    
2875E7A5-EE3C-4FE7-A23E-DE0529D12028    CA9CABF3-48C0-4589-808E-ADE58599DF6C    
66E07EF9-4E89-4284-9632-6D6904B77732    A9BEBDF3-2816-44E9-9F64-71EBDE235E15    
00D46195-B634-4C41-B53B-5093527FB791    7A53918A-FF36-41E3-96A6-3A7672746CB9    
497EE41C-CE06-4DD4-8308-6C730713C646    55D95DEA-6E0F-476B-AE02-57C5F99332F2    
7A12547F-B772-4F2D-BE36-CE5D0FA886A1    F83FA5C8-A016-401F-9A45-E582D8BD498F    
0B9C0C26-728C-4FDA-B8DD-59806E20E4D9    44BF597A-C391-4162-8976-B00B55C92F56    
F399F5B6-3C63-4674-B0FF-E94328B1947D    0D4515D4-1845-4E7C-8E16-79AEEC44AB7C    
8C7A23D9-2A9B-4AEA-BA91-3003A316B44D    D428C208-57A8-4A63-BF7F-E7FABE6A9E9B    
E6127E3B-8D17-4BEA-A039-8BB9D0D105A2    C6B9830E-35DE-463D-8CFA-E289E317565C    
A3796166-A03C-418A-AF3A-060115D4E478    ADA48720-6C9A-4A34-9E3E-5B17556A2B39    
73BCFD0F-0DAA-4B21-B709-2A8D9D9C692A    AB4E1C02-3EDB-4A72-B1B8-FD909831C761    
93C5524B-97AE-491E-8EB7-2A3AD964F926    A696A6DE-8011-407B-850B-077BE505D11D    
833E62AD-1655-499F-908E-62DCA1EB2EC6    7CAE4253-EEEF-42C7-BB94-E65EBF540DB6    
285CAE3C-F16A-4A84-9A80-FF23D6E56D68    C4B2AB47-CE9B-4850-A8B6-36F3896E17BF    
AA13BD85-7EC0-4CC8-9958-1BB2AA32FD0B    4910F815-D322-409F-A6D1-61FAE656E4A0    
4614C49A-0B7D-4E0D-A877-38CCCFE7D589    096CBF58-FC7F-433D-9158-27DE6B22D8C7    
974E1D88-BADF-4C80-8594-A59039C992EA    B67F4A74-B98A-4F74-AF9E-C422198BB0F8    
692898BE-C7CC-4CB3-A45C-66508B7E2C33    BAC8495C-A1FF-48B3-AB22-52544FFA3047    
F6A7FF1B-9951-4CBE-B197-EA554D6DF40D    CC7FD10E-8471-4399-B7B0-976BCB84357E    
038F6F55-C9F0-4601-8740-98EF1CA9DF9A    89DCF5AD-2D57-4C98-AE18-E4222DFEA4CC

Private-label builds, File Downloader

6C095616-6064-43ca-9180-CF1B6B6A0BE4    BC9C7884-D1F5-4E67-80F2-C67AE8C62701

If you have a private-label version and do not see your CLSID there, please contact us at info@aurigma.com.

UPDATE (03/27/2008):

Few other CLSIDs we added to this killbit (see below). No more changes will be made to it though.

Also, I have got a confirmation from Microsoft that these CLSIDs will be killbited on June.

Old CLSID                               New CLSID

Private-label builds, Image Uploader 4:

A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98    B48C6F3D-3AB9-4DAA-A24C-7D6570FFACEC    
5C6698D9-7BE4-4122-8EC5-291D84DBD4A0    23E0446E-BFBD-4E70-97F1-25549A1F284E

Private-label builds, Upload Items 4:

E4C97925-C194-4551-8831-EABBD0280885    0E519CCA-A262-4EC1-BD7F-AEB9168F0EAB    
CC7DA087-B7F4-4829-B038-DA01DFB5D879    F7D4E441-BC09-4592-8CC3-75C0558187F5

Join our newsletter